ue5-blueprint-audio

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE · COMMAND_EXECUTION · PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run internal Python scripts, such as scripts/scan_project.py and scripts/scrape_blueprint_api.py, which index project assets and build knowledge embeddings. These are internal vendor resources used for project indexing.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its data ingestion capabilities.
      • Ingestion points: The agent reads metadata, node information, and comments from Unreal Engine assets using the scan_blueprint and list_assets tools.
      • Boundary markers: Prompt templates lack explicit boundary markers or instructions to ignore instructions embedded in the scanned assets.
      • Capability inventory: The agent has access to Bash, Read, and Grep, which could potentially be misused if malicious instructions are ingested from asset files.
      • Sanitization: There is no evidence of sanitization or filtering applied to the asset data before it is incorporated into the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 05:11 PM